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Remarks 

In the application, claims 1 through 12 are pending. No claims currently stand allowed. 

The Office Action dated July 20, 2004, has been carefully considered. The Office Action 
rejects claims 1 and 2 under 35 U.S.C. § 103(a) as obvious in light of U.S. Patents 6,298,383 
("Gutman") and 5,623,601 ("Vu"). Claims 3 through 8 and 10 are rejected as obvious in light of 
Gutman, Vu, and U.S. Patent 5,913,025 ("Higley"). Claim 9 is rejected as obvious in light of 
Gutman, Vu, Higley, and U.S. Patent 6,081,900 ("Subramaniam"). Finally, claims 11 and 12 are 
rejected as obvious in light of Higley, Gutman, and U.S. Patent 6,198,824 ("Shambroom"). 

The present application and the cited art deal with various aspects of proxy authorization 
schemes. To present a common background to these schemes, a "user" is granted permission to 
access a "target service." (For consistency's sake, the present discussion uses the terminology of the 
present application. Gutman, in contrast, calls the user a "domain" and reserves the word 6t user" for 
the "proxy client.") Traditionally, the user must present his authentication credentials to the target 
service to prove that he in fact who he says he is and, thus, that he has the requisite permissions. In 
many of these proxying schemes, an application or service (called a "proxy client") takes the benefit 
of the user's permissions to access the target service in order to perform work for the user. 

In the proxy schemes detailed in the cited art, the proxy client always acts as a go-between 
to facilitate live communications between the user and the target service. For example, in Vu a 
firewall prevents a user behind the firewall from directly communicating with a target service 
outside the firewall. A proxy client, using the authentication credentials of the user, logically sits on 
the firewall and communicates both with the user and with the target service. By serving as a 
communications pass-through, the proxy client allows the user to communicate with the target 
service almost as if the firewall were not there. The proxy schemes in the other cited references are 
similar, if not identical, to Vu. 

The presently claimed invention, on the other hand, differs significantly from all of the 
proxy schemes in the cited art. In the invention as presently claimed, the proxy communications are 
between the proxy client and the target service and do not involve the user at all. This type of 
operation is often called "batch mode" (see the present specification, page 2, line 7, through page 3, 
line 25). Before the proxy communications begin, the user sets up the authentication credentials and 
grants the proxy client permission to use them. The user, in most cases, is also responsible for 
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requesting that the proxy client access the target service. During the actual course of the proxy 
communications, however, the user is out of the picture: The end points of the communications are 
the proxy client, acting with the user's authentication credentials, and the target service. (The proxy 
client may, and probably will, provide status and completion information to the user.) To clarify this 
distinction over the cited art, the following element is added to independent claim 1 : 

Claim 1 : accessing, by the proxy client, the target service, the access being in 
a batch mode without user intervention. 

(Emphasis added.) (Claim 1 1 now has similar language). In contrast, the cited art always discusses 
proxy authentication in the context of communications pass-through to the user and nowhere 
discusses the use of proxy authentication to facilitate batch-mode processing. 

The remaining independent claim, claim 6, is modified to clarify that the trusted security 
server stores the user's authentication information: 

Claim 6: A computer-readable medium having computer-executable 
instructions for a trusted security server to perform the steps: 

storing proxy authorization information from a user for authorizing a 
proxy client to act as a proxy of the user; 

(Emphasis added.) This is clearly different from the portion of Gutman cited against claim 6 in the 
Office Action. That section (Gutman, column 2, lines 6 through 10) describes some "minimal" user 
information kept by the ISP. However, that information cannot be the "proxy authorization 
information" of claim 6 because, in column 1, line 60, Gutman says that "the ISP cannot really 
authenticate the user." (In Gutman, the proxy authorization information is instead stored in an 
Authentication, Authorization, and Accounting service which is distinct from the ISP.) Thus, the 
cited portion of Gutman does not contain this element of claim 6. 

In sum, the combination of the cited art simply does not show every element of the currently 
pending independent claims (1,6, and 1 1), and therefore the cited art neither anticipates nor renders 
obvious these independent claims. As all other currently pending claims depend from these claims, 
applicants request that the rejections be withdrawn and that all currently pending claims be allowed. 
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Conclusion 

The application is considered in good and proper form for allowance, and the Examiner is 
respectfully requested to pass this application to issue. If, in the opinion of the Examiner, a 
telephone conference would expedite the prosecution of the subject application, the Examiner is 
invited to call the undersigned attorney. 



Respectfully submitted, 




John T: Bretscher, Reg. No. 52,651 
One of the Attorneys for Applicants 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
180 North Stetson 
Chicago, Illinois 60601-6780 
(312)616-5600 (telephone) 
(312)616-5700 (facsimile) 

Date: September 1 5, 2004 
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